Introduction
The organisation is thriving, built from the ground up and with many loyal customers. It hasn’t been easy – surviving recessions, global pandemics and even world wars. Then one day, it all falls apart…
An employee logs in using their password – but it’s weak and easily guessed. Behind the scenes, the credentials are exploited and this unfolds into a catastrophic breach. Within hours, systems are encrypted, files vanish, operations grind to a halt. No coming back, despite over 150 years of service – more than 700 jobs are lost.
This introduction is based on a security incident that impacted a long-established UK logistics firm. In this article we focus on the theme of access management – we reference a case study and provide general guidance and recommendations.
What is Access Management?
Access management relates to the control of who has access to organisational data, systems and services. The aim is to ensure only authorised people can access information, and that access is appropriate to the role.
Relatable Case Study
- Organisation: Knights of Old (UK-based logistics firm)
- Incident: In 2023, the company suffered a catastrophic cyber security incident. The attackers gained access to internal systems using a weak, easily guessed employee password. They deployed ransomware, encrypted files, escalated privileges, and deleted critical backups – both local and cloud-based.
- Financial Implications: Business operations were unrecoverable. Despite having cyber insurance, the organisation could not withstand the financial and operational impact. The company went into administration and over 700 employees lost their jobs.
- How it Links to Access Management:
  - Password strength and policy – data breaches can stem from a single weak password. A strong password policy that promotes unique passwords can help.
  - Multi-factor authentication (MFA) – a lack of MFA allows attackers to exploit stolen or guessed credentials using tactics such as brute force (password guessing) and credential stuffing (trying passwords exposed in breaches of other systems).
- Source Information: https://www.bbc.co.uk/news/articles/cpvren4je77o
General Guidance
- Use unique accounts and avoid sharing login capabilities
- Enable multi-factor authentication (MFA) wherever possible – mandate for cloud services
- Apply least privilege – provide only the access a role requires
- Regularly check and remove unused accounts
- Enable device locking mechanisms and sign out of services when they are not in use
Recommended Actions
- Keep it simple and secure
- Use a risk assessment and your risk appetite to help drive the requirements for your organisation
- Use unique and strong credentials – provide training and education to support this
- Apply role-based access control – to restrict access based on requirements
- Use MFA where possible – for an extra (but necessary) layer of security control
- Use a separate administrative account – use a standard account for day-to-day activity
- Seek guidance and support from an IASME Certification Body and a Certified Information Systems Security Professional (CISSP) – such as RB Consultancy Ltd
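The General Guidance and Recommended Actions above describe periodic checks (unused accounts, MFA coverage, shared accounts, separate admin accounts) and a password policy. The script below is an added example written for this article, not code from RB Consultancy Ltd or from the incident described; it runs those checks over a constructed account inventory. The account records, the 90-day inactivity threshold, the 12-character minimum length and the small "breached password" list are all assumptions chosen for illustration, standing in for an export from a real directory and a real breached-password feed.

```python
from datetime import date

# Constructed sample inventory (not real accounts). "last_login" is an ISO date,
# "shared" marks a login used by several people, "admin" marks a privileged role.
ACCOUNTS = [
    {"user": "alice",       "last_login": "2024-05-30", "mfa": True,  "admin": False, "shared": False},
    {"user": "bob",         "last_login": "2024-01-10", "mfa": False, "admin": False, "shared": False},
    {"user": "warehouse",   "last_login": "2024-06-01", "mfa": False, "admin": False, "shared": True},
    {"user": "it-admin",    "last_login": "2024-06-02", "mfa": False, "admin": True,  "shared": False},
    {"user": "contractor7", "last_login": "2023-09-15", "mfa": True,  "admin": False, "shared": False},
]

# Hypothetical list of passwords known to be exposed; a real deployment would
# query a breached-password service rather than embed a set like this.
BREACHED = {"password", "password1", "qwerty123", "knights2023"}


def review_accounts(accounts, today, stale_days=90):
    """Return (user, severity, message) findings for the account-hygiene checks.

    Admin accounts are rated HIGH for any weakness, because a compromised
    privileged login is what lets an attacker reach backups and deploy ransomware.
    """
    findings = []
    for acct in accounts:
        base = "HIGH" if acct["admin"] else "MEDIUM"
        age_days = (today - date.fromisoformat(acct["last_login"])).days

        # Regularly check and remove unused accounts.
        if age_days > stale_days:
            findings.append((acct["user"], base,
                             f"no sign-in for {age_days} days; disable or remove"))

        # Enable MFA wherever possible.
        if not acct["mfa"]:
            findings.append((acct["user"], base, "MFA not enrolled"))

        # Use unique accounts; shared logins cannot be attributed to a person
        # and are rarely changed when someone leaves.
        if acct["shared"]:
            findings.append((acct["user"], "MEDIUM",
                             "shared account; replace with individual accounts"))
    return findings


def check_password_policy(username, password, min_length=12):
    """Return a list of policy violations (empty list means the password passes)."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if password.lower() in BREACHED:
        problems.append("appears in breached-password list")
    if username.lower() in password.lower():
        problems.append("contains the username")
    return problems


def summarise(findings):
    """Count findings by severity so the review can be tracked over time."""
    counts = {"HIGH": 0, "MEDIUM": 0}
    for _, severity, _ in findings:
        counts[severity] += 1
    return counts


if __name__ == "__main__":
    review_date = date(2024, 6, 10)  # constructed review date
    results = review_accounts(ACCOUNTS, review_date)
    for user, severity, msg in results:
        print(f"[{severity}] {user}: {msg}")
    print(summarise(results))
    print(check_password_policy("alice", "Password1"))
```

Running the review on the sample data flags the dormant accounts, the admin account without MFA and the shared warehouse login, while the password check rejects a short, previously breached value; the same three functions can be pointed at a real directory export to turn the guidance above into a repeatable monthly control.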
How We Help
At RB Consultancy Ltd, we support organisations by:
- Providing templates, guidance and experience to support your organisation
- Explaining what security measures are available and how they can help
- Collaborating to implement controls to support the requirements
- Assessing and issuing certifications – such as Cyber Essentials and Cyber Assurance
- Contact us for consultancy and certification support
Conclusion
The devastating collapse of Knights of Old helps highlight the importance of access management. A single weak password can be the difference between continued business success and closure. A lack of multi-factor authentication and poor access controls can allow attackers to halt operations and delete critical data. Encouraging strong, unique credentials, least privilege and regular account reviews can help avoid major security incidents.
RB Consultancy Ltd helps organisations understand the importance of access management – we support the implementation of appropriate measures to help build cyber resilience. We are an IASME Certification Body and NCSC Assured Service Provider who provide services to empower and protect organisations. We hold CISSP and ISO 27001 Lead Implementer certifications; you can Contact Us for assistance with cyber security resilience.
This blog is written by Remo Belisari, Managing Director of RB Consultancy Ltd. He is an experienced cyber security professional and cyber advisor. Remo holds certifications in CISSP, ISSAP, ISO 27001, Cyber Essentials, and IASME Cyber Assurance. He has many years of experience in IT and cybersecurity. He has supported organisations worldwide. His work includes helping a Fortune 500 company in the USA and over 100 organisations across the UK. The views in this blog are his own. They do not necessarily reflect the views of RB Consultancy Ltd, its clients, partners, or affiliates. The content is for general information only.